• The audit_filters DLKM makes filtering decisions and enforces the filtering policy in the kernel.
Filtering in the kernel can occur both before and after the invocation of the system call code. See
the definitions of system call pre-filtering and post-filtering in Glossary.
Audit Reporting
The AudReport product consists of the following components:
• Commands
auditdp(1M) — An audit data processing tool that selectively extracts, or filters, audit data from
a data source in one of several possible formats and writes the data to the target, in the same or
different format. The tool uses the DPMS framework, and is available only on HP-UX 11i v3 with the
AudReport product installed.
• Libraries
DPMS (Data Process Module Switch) — A framework implemented as a library that contains a set
of common programming interfaces (APIs) and Service Modules to selectively read and write audit
data in various formats (for example, XML Audit Reports).
DPMS provides a layer of separation between applications (for example, auditdp(1M)) that need
to extract information from an audit data source and the underlying modules that have the knowledge
about the internal data format. This framework is primarily designed for HP-UX audit data that the
HP-UX system collects (see audit(5)). However, the framework allows service modules to be
plugged in to handle the data in any format. With this layer of separation, an application can treat
any data using the same APIs by simply applying the service module corresponding to the given set
of data. The application does not need knowledge about the internal format of the data to use the
information.
For more information on DPMS, see audit_dpms(5). For a description of the various DPMS
Service Modules, see audit_hpux_portable(5), audit_hpux_raw(5), and
audit_hpux_xml(5). For a description of the Audit DPMS APIs that application writers use, see
audit_dpms_api(3). For a description of the Audit DPMS Service Provider Interface that a
DPMS Service Module writer must support, see audit_dpms_spi(3). For a description of the
configuration file for filtering Audit DPMS data, see audit_dpms_filter(4). For a description
of how a DPMS service module is implemented, see Writing a DPMS service module.
• Files
One or more configuration files that you can use to select auditing information in the audit trail to
include in an audit report. You specify the files using the auditdp -S option. They contain filtering
rules that are described in audit_dpms_filter(4).
HP-UX Auditing System Administration
This section describes the basic installation, configuration, and management of the HP-UX Auditing
System by the Audit Administrator.
Installation
The features described in this paper assume the following software has been installed, depending on
the HP-UX release:
• HP-UX Standard Mode Security Extensions (SMSE) (HP-UX 11i v2)
Previously, the auditing system was only supported on systems converted to trusted mode. By
installing the HP-UX Standard Mode Security Extensions bundle, you can now perform audits
without converting the system to trusted mode.